• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Web Security

 
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi my dear friends,
I am using form based, declarative security in my J2EE Web-Application,
and I use this constraint in web.xml file:

<web-app>
<display-name>teststrutsweb</display-name>
<welcome-file-list>
<welcome-file>/welcome.jsp</welcome-file>
</welcome-file-list>
<security-constraint>
<web-resource-collection>
<web-resource-name>RequestingPages</web-resource-name>
<url-pattern>/inside/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login-error.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app>

but when I run it in tomcat, for all of page (are secure and not secure), "the page can not be desplay" 404 error message be display,
is anyone know why this problem occured?

thanks very much
regards
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to JavaRanch.

A 404 means page not found, which likely has nothing to do with web security. Comment out all the security setup, and see if the error still happens. If it does, make sure you have the two JSP pages in your web apps top level directory. Another thing to check would be that "*" is allowed as a role name; I think that you can't use wildcards there.
 
malek aftab
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Dear,

when tomcat starts up this web application context, these messages will be desplay in tomcat console:

WARNING: Security role name tomcat used in an <auth-constraint> without being defined in a <security-role>

No Realm has been configured to authenticate against

Marking this application unavailable due to previous error(s)

Seeding random number generator class java.security.SecureRandom

Seeding of random number generator has been completed

Context startup failed due to previous errors

Do you know why this problem occured?!
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You seem to have no <security-role> elements in your file. Also, as suggested, make sure wildcards are allowed for roles. Lastly, for any of this to work, configure a realm.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic